Florida digital signature laws...need help on interpreting the rule  


I. Ben Havin
Posts: 351
Member
(@i-ben-havin)
250+ posts
Joined: 7 years ago

I recently completed a home study continuing education course on Florida's digital signature law titled "Digital Signatures for Surveyors". However, I am now more confused than I was before I took it. Any help in unraveling the rules would be appreciated. My apologies for such a long-winded post.

At the end of this post I include current Florida Rule 5J-17.062. At the very end is the now replaced old paragraph (4) which had stuff about SHA-1 etc. For those unaware of the changes, all that stuff has now been taken out.

Paragraph (4) starts with "Alternatively", and I don't want to go there.

Paragraph (3) goes into the definition of electronic signatures.

Paragraph (1) is simply requiring the professional to sign, seal and date his or her work.

It's paragraph (2) where I am having some difficulty deciphering what exactly is being required.

As I read this (paragraph (2)), I don't find where the rule requires anything specific to be placed on electronically conveyed work (i.e. emailed final PDF maps)!

Regarding the requirement to place electronic seals the rule says "may" (use).

Then, the rule makes clear (IF) the map has the electronic seal, include a text statement, UNLESS an electronic signature is used.

None of this says an electronic signature is required. And, none of this says an electronic seal is required. The only mention of the electronic signature is when/if using the electronic signature along with the electronic seal, then in that case no text statement is needed.

The only place where I see any requirement for electronic signature is where the user decides to make final hard copies (it also does not say a final hard copy is required to be produced), and in that case the electronic signature is required, but only if you don't want to use an original signature and seal. So, if you don't make a hard copy then there is nothing to add the electronic signature to.

Help!

5J-17.062 Procedures for Signing and Sealing Electronically Transmitted Surveys or Other Documents.

(1) Information stored in electronic files representing plans, specifications, plats, reports, or other documents which must be sealed under the provisions of chapter 472, F.S., shall be signed, dated and sealed by the professional surveyor and mapper in responsible charge.

(2) A license holder may use a computer generated representation of his or her seal on electronically conveyed work; however, the final hard copy documents of such surveying or mapping work must contain an original signature and seal of the license holder and date or the documents must be accompanied by an electronic signature as described in this section. A scanned image of an original signature shall not be used in lieu of an original signature and seal or electronic signature. Surveying or mapping work that contains a computer generated seal shall be accompanied by the following text or similar wording: “The seal appearing on this document was authorized by [Example: Leslie H. Doe, P.S.M. 0112 on (date)]” unless accompanied by an electronic signature as described in this section.

(3) An electronic signature is a digital authentication process attached to or logically associated with an electronic document and shall carry the same weight, authority, and effect as an original signature and seal. The electronic signature, which can be generated by using either public key infrastructure or signature dynamics technology, must be as follows:

(a) Unique to the person using it;

(b) Capable of verification;

(c) Under the sole control of the person using it;

(d) Linked to a document in such manner that the electronic signature is invalidated if any data in the document are changed.

(4) Alternatively, electronic files may be signed and sealed by creating a “signature” file that contains the surveyor and mapper’s name and PSM number, a brief overall description of the surveying and mapping documents, and a list of the electronic files to be sealed. Each file in the list shall be identified by its file name and secure authentication code computed by a cryptographic hash function. A report shall be created that contains the surveyor and mapper’s name and PSM number, a brief overall description of the surveyor and mapper documents in question and the secure authentication code of the signature file. This report shall be printed and manually signed, dated, and sealed by the professional surveyor and mapper in responsible charge. The signature file is defined as sealed if its secure authentication code matches the secure authentication code on the printed, manually signed, dated and sealed report. Each electronic file listed in a sealed signature file is defined as sealed if the listed secure authentication code matches the file’s computed secure authentication code.

Rulemaking Authority 472.008, 472.025 FS. Law Implemented 472.025 FS. History–New 2-1-00, Amended 12-16-07, Formerly 61G17-7.0025, Amended 11-13-17, 7-15-18.

The below paragraph was replaced:

(4) Alternatively, electronic files may be signed and sealed by creating a “signature” file that contains the surveyor and mapper’s name and PSM number, a brief overall description of the surveying and mapping documents, and a list of the electronic files to be sealed. Each file in the list shall be identified by its file name utilizing relative Uniform Resource Locators (URL) syntax described in the Internet Architecture Board’s Request for Comments (RFC) 1738, December 1994, which is hereby adopted and incorporated by reference by the Board and can be obtained from the Internet Website: ftp://ftp.isi.edu/in-notes/rfc1738.txt. Each file shall have an authentication code defined as an SHA-1 message digest described in Federal Information Processing Standard Publication 180-1 “Secure Hash Standard,” 1995 April 17, which is hereby adopted and incorporated by reference by the Board and can be obtained from the Internet Website: http://www.itl.nist.gov/fipspubs/fip180-1.htm. A report shall be created that contains the surveyor and mapper’s name and PSM number, a brief overall description of the surveyor and mapper documents in question and the authentication code of the signature file. This report shall be printed and manually signed, dated, and sealed by the professional surveyor and mapper in responsible charge. The signature file is defined as sealed if its authentication code matches the authentication code on the printed, manually signed, dated and sealed report. Each electronic file listed in a sealed signature file is defined as sealed if the listed authentication code matches the file’s computed authentication code.

Rulemaking Authority 472.008, 472.025 FS. Law Implemented 472.025 FS. History–New 2-1-00, Amended 12-16-07, Formerly 61G17-7.0025.

6 Replies
ashton
Posts: 329
Member
(@ashton)
250+ posts
Joined: 9 years ago

The way I read it, paragraph 1 says you have to sign your work. Paragraph 2 says you can accomplish this either by generating a final hard copy and signing that by hand, or you can sign the electronic file with an electronic signature that meets the requirements of the rules. If you choose the hardcopy route, the seal in the electronic version has to be accompanied by the statement “The seal appearing on this document was authorized by [Example: Leslie H. Doe, P.S.M. 0112 on (date)]”. On the other hand, if you use a conforming electronic signature, you can use an electronic image of your seal and you do not have to use the Leslie H. Doe sentence.

My background is as an integrated circuit designer. We were not required to, and did not, sign our chip layouts. If we wanted to, we would have had to use electronic signatures. Even in 1980, a legible hardcopy would have covered San Francisco Bay. By now, I imagine a legible hardcopy would be the size of the solar system.

Reply
FL/GA PLS.
Posts: 3718
Member
(@flga-pls-2-2)
2,500+ posts
Joined: 9 years ago

"On the other hand, if you use a conforming electronic signature, you can use an electronic image of your seal and you do not have to use the Leslie H. Doe sentence."

That's the way I've been doing it for 10 years. There are a bunch of Companies out there that issue digital signature/seal services. We have used Iden-Trust forever but they are merging with someone else and I'm not sure who we will use next.

After the rules were revised 278 times they finally managed to come up with the current confusing language. All in all the way I see it is if you have a digital signature certificate that is all you have to do. You can place an image of your seal as well, in lieu of actually embossing it. We usually do around 50 Plot plans/Boundary surveys a week (Production builders) for quite a while and have never been questioned. We work with about 20 different municipalities; no complaints yet. 😎

Reply
3 Replies
I. Ben Havin
Member
(@i-ben-havin)
Joined: 7 years ago

250+ posts
Posts: 351

@flga-pls-2-2

Thanks for the help. A recent continuing education course made me wonder about what exactly the Board was requiring. With your confirmation I will probably do as you are doing.  Does your method involve Public key/Private key stuff? How is the receiver able to verify the validity?

I have come across some (in Florida) who are using the Public key/Private key, and sending the receiver off to get some hash calculator in order to verify the validity of the Electronic Signature. 

Reply
Dallas Morlan
Member
(@dallas-morlan)
Joined: 8 years ago

500+ posts
Posts: 721

@i-ben-havin

I attached a file to my post on a similar topic about a month ago, "Electronic Information Transfer" (PDF), that may be of interest. The verification requires the receiver to have an internet connection and simply click on the electronic signature. Once the verification information appears in a separate window, clicking on another link provides additional verification and information from the certifying organization. The file linked above has an active example of these links.

Reply
FL/GA PLS.
Member
(@flga-pls-2-2)
Joined: 9 years ago

2,500+ posts
Posts: 3718

@i-ben-havin

All the municipalities we work with already have "digital keys" to verify your signature/certificate is authentic. We used to send the key with the drawing as an attachment for the recipient. We have never had one checked for authenticity so far. Here is a list of Companies you can "rent" certificates from. They usually expire every 4 years and you have to renew, thus the "rent" terminology. If they do check, it's just a matter of typing the key number on a search page and it will pop right up.

https://www.consumersadvocate.org/digital-signature

Hope this helps! 😎

Reply
ashton
Posts: 329
Member
(@ashton)
250+ posts
Joined: 9 years ago

If you want to use private key/public key, there are basically two approaches. With either approach, you start by going through a process with a certification authority, for example, DigiCert. Check with your state to see if they let you use any certification authority you want, or if you have to choose one that's been approved by your land surveyors board. Once that happens, you get a public key, which you can reveal to your customers and anybody else, and a private key you keep secret. For greater security, the private key can be stored on a USB device that you only insert when you want to use the key.

The easier approach is to use software that has digital signatures built in, like Microsoft Word, Adobe Acrobat and Reader, and AutoCAD. You follow the directions to apply the signature, plug the USB device in if you have one, enter the signing password that lets you use the private key, and the digital signature is stored inside the file being signed. There will be something displayed in the document to show the signature is there and it's valid. If anybody changes the file, the display of the signature will be altered to show it's invalid.

The more complicated use is for a file that is processed with software that doesn't support digital signatures. Let's say you wrote some software to do something special with a comma-separated-values file. Your software is unaware of digital signatures, but somebody is insisting you digitally sign your .csv file.

So you go to the Windows command prompt and give a command something like

CertUtil -hashfile C:\TEMP\MyDataFile.csv SHA256

You get a response similar to

3cfd336643162ee7bb62d3f41fc8873a

So you write a Microsoft Word file that says something like "The genuine authentic CSV file containing the location of fire hydrants in the Hooterville Dog Walk area has a SHA256 hash of 3cfd336643162ee7bb62d3f41fc8873a" followed by a scan of your seal. Then you use the digital signing feature of Microsoft Word and your private key to sign the file. Anyone who wants to make sure the file hasn't been altered first looks at the Microsoft Word document and sees the signature hasn't been altered. Then they use their favorite SHA256 generator to generate the hash of the .csv file, and see if it is 3cfd336643162ee7bb62d3f41fc8873a. If it isn't, the file has been altered, either intentionally or accidentally.

Reply
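
An added example, not part of any post in this thread and not the Board's or any vendor's software: a Python version of the file-list scheme in paragraph (4) of the rule, which is also the detached-hash approach described in the last post for the .csv file. The signature-file layout, the function names and the sample files are assumptions made for illustration; SHA-256 is used as the cryptographic hash function, and a real SHA-256 code is 64 hexadecimal characters long.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hex SHA-256 of a file's bytes; always 64 hex characters."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_signature_file(root, names, surveyor, description):
    """Text of the "signature" file (assumed layout): two header lines, then "<code>  <file name>"."""
    lines = [f"Surveyor: {surveyor}", f"Description: {description}"]
    lines += [f"{sha256_file(root / name)}  {name}" for name in sorted(names)]
    return "\n".join(lines) + "\n"

def authentication_code(signature_text):
    """Code of the signature file itself; this goes on the printed, hand-signed report."""
    return hashlib.sha256(signature_text.encode("utf-8")).hexdigest()

def verify(root, signature_text, report_code):
    """Map each name to True (sealed) or False, following the two-step test in paragraph (4)."""
    sealed = authentication_code(signature_text) == report_code.strip().lower()
    status = {"signature file": sealed}
    for line in signature_text.splitlines()[2:]:
        code, name = line.split("  ", 1)
        # A listed file counts only if the signature file itself matched the report.
        status[name] = sealed and (root / name).is_file() and sha256_file(root / name) == code
    return status

def demo():
    """Constructed sample data: two small files, one of them altered after sealing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hydrants.csv").write_text("id,northing,easting\n1,1000.00,5000.00\n")
        (root / "boundary.txt").write_text("Constructed sample survey notes\n")
        args = (root, ["hydrants.csv", "boundary.txt"], "Leslie H. Doe, P.S.M. 0112", "Sample files")
        sig = build_signature_file(*args)
        report_code = authentication_code(sig)
        before = verify(root, sig, report_code)
        (root / "hydrants.csv").write_text("id,northing,easting\n1,1000.00,5001.00\n")
        after = verify(root, sig, report_code)
        # Re-listing the altered file changes the signature file, so the report no longer matches.
        forged = verify(root, build_signature_file(*args), report_code)
        return before, after, forged

if __name__ == "__main__":
    for label, status in zip(("as sealed", "file altered", "signature file rebuilt"), demo()):
        print(label, status)
```

The hash by itself only detects that a file changed. What ties it to the surveyor is the manually signed and sealed report in paragraph (4), or the digitally signed Word document in the approach from the last post.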